I have seen this page a hundred times and have tried different variations of what it is saying to do, but have been unsuccessful.

The directions here are not clear...

I need to find instructions on this... "Configure the security domain of the IDP to also include mapping configuration for attributes." Here is how I am trying to map attribute values with LdapAttributeMappingProvider.

    at org.picketlink.identity.federation.web.util.IDPWebRequestUtil.send(IDPWebRequestUtil.java:227)
    at org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve.processSAMLRequestMessage(IDPWebBrowserSSOValve.java:641)
    at org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve.invoke(IDPWebBrowserSSOValve.java:383)
    at org.picketlink.identity.federation.bindings.tomcat.idp.IDPSAMLDebugValve.invoke(IDPSAMLDebugValve.java:59)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:662)

If I use the EmptyManager, everything works, but I get no values passed to the SP.

In my investigation, I think I am using an older version of the jboss-security.jar file, as I noticed that "MappingType.ATTRIBUTE" doesn't exist in the jar file I am using, although the value is used by the JBossAppServerAttributeManager.

I have a fresh install of JBoss AS 5.1.0. Am I using a wrong version?

The only change I made in the SAML2AttributeHandler was to download the handler that Anil changed (listed in the post earlier) and change one method. Notice what I block commented out and in which method.

I made no changes to the JBossAppServerAttributeManager, used it right as it was...

Now the only problem I have left is on the other posts about the Attribute handler being invoked in the chain AFTER the response is already sent. Makes no sense why it is doing that, but it is clear in my case that the attributes I am getting above are never sent on the first response, but only if the original assertion expires and the SP requests a resend.